SEC560: Network Penetration Testing and Ethical Hacking

As a cyber security professional, you have a unique responsibility to find and understand your organization's vulnerabilities, and to work diligently to mitigate them before the bad guys pounce. Are you ready? SANS SEC560, our flagship course for penetration testing, fully arms you to address this duty head-on.

SEC560 is the must-have course for every well-rounded security professional.

This course starts with proper planning, scoping and recon, then dives deep into scanning, target exploitation, password attacks and wireless and web apps, with over 30 detailed hands-on labs throughout.

Learn the best ways to test your own systems before the bad guys attack.

Chock full of practical, real-world tips from some of the world's best penetration testers, SEC560 prepares you to perform detailed reconnaissance by examining a target's infrastructure and mining blogs, search engines, social networking sites and other Internet and intranet infrastructure. You will be equipped to scan target networks using best-of-breed tools. We will not just cover run-of-the-mill options and configurations, we will also go over the less-known but highly useful capabilities of the best pen test toolsets available today. After scanning, you will learn dozens of methods for exploiting target systems to gain access and measure real business risk, then examine post-exploitation, password attacks, wireless and web apps, pivoting through the target environment to model the attacks of real-world bad guys.

You will bring comprehensive penetration testing and ethical hacking know-how back to your organization.

After building your skills in challenging labs over five days, the course culminates with a full-day, real-world network penetration test scenario. You will conduct an end-to-end penetration test, applying the knowledge, tools and principles from throughout the course as you discover and exploit vulnerabilities in a realistic sample target organization.

Overview

In this section of the course, you will develop the skills needed to conduct a best-of-breed, high-value penetration test. We will go in-depth on how to build penetration testing infrastructure that includes all the hardware, software, network infrastructure and tools you will need to conduct great penetration tests, with specific low-cost recommendations for your arsenal. We will then cover formulating a pen test scope and rules of engagement that will set you up for success, including a role-play exercise. We also dig deep into the reconnaissance portion of a penetration test, covering the latest tools and techniques, including hands-on document metadata analysis to pull sensitive information about a target environment.

Overview

We next focus on the vital task of mapping the attack surface by creating a comprehensive inventory of machines, accounts and potential vulnerabilities. We will look at some of the most useful scanning tools freely available today and run them in numerous hands-on labs to help hammer home the most effective way to use each tool. We will also conduct a deep dive into some of the most useful tools available to pen testers today for formulating packets: Scapy and Netcat. We finish the day covering vital techniques for false-positive reduction so you can focus your findings on meaningful results and avoid the sting of a false positive. And we will examine the best ways to conduct your scans safely and efficiently.

Overview

This section looks at the many kinds of exploits that penetration testers use to compromise target machines, including client-side exploits, service-side exploits and local privilege escalation. We will see how these exploits are packaged in frameworks like Metasploit and its mighty Meterpreter. You will learn in-depth how to leverage Metasploit and the Meterpreter to compromise target environments, search them for information to advance the penetration test and pivot to other systems, all with a focus on determining the true business risk of the target organization. We will also look at post-exploitation analysis of machines and pivoting to find new targets, finishing the section with a lively discussion of how to leverage the Windows shell to dominate target environments.

Overview

This component of the course turns our attention to password attacks, analyzing password guessing, password cracking, and pass-the-hash techniques in depth. We will go over numerous tips based on real-world experience to help penetration testers and ethical hackers maximize the effectiveness of their password attacks. You will patch and custom-compile John the Ripper to optimize its performance in cracking passwords. You will look at the amazingly full-featured Cain tool, running it to crack sniffed Windows authentication messages. You will also perform multiple types of pivots to move laterally through our target lab environment, and pluck hashes and cleartext passwords from memory using the Mimikatz tool. We will see how Rainbow Tables really work to make password cracking much more efficient, all hands-on. And we will finish the day with an exciting discussion of powerful pass-the-hash attacks, leveraging Metasploit, the Meterpreter, and SAMBA client software.

CPE/CMU Credits: 6

Topics

Password Attack Tips

Account Lockout and Strategies for Avoiding It

Automated Password Guessing with THC-Hydra

Retrieving and Manipulating Hashes from Windows, Linux, and Other Systems

Overview

This lively session represents the culmination of the network penetration testing and ethical hacking course, where you will apply all of the skills mastered in the course in a full-day, hands-on workshop. You will conduct an actual penetration test of a sample target environment. We will provide the scope and rules of engagement, and you will work with a team to achieve your goal of finding out whether the target organization's Personally Identifiable Information is at risk. As a final step to prepare you for conducting penetration tests, you will make recommendations about remediating the risks you identify.

To get the most value out of this course, students are required to bring their own laptop so that they can connect directly to the workshop network we will create. It is the students' responsibility to make sure the system is properly configured with all drivers necessary to connect to an Ethernet network.

Some of the course exercises are based on Windows, while others focus on Linux. VMware Player or VMware Workstation is required for the class. If you plan to use a Macintosh, please make sure you bring VMware Fusion, along with a Windows guest virtual machine.

Windows

You are required to bring Windows 8 or 8.1 (Professional, Enterprise, or Ultimate), Windows 7 (Professional, Enterprise, or Ultimate), Windows Vista (Business, Enterprise, or Ultimate) or Windows 2008/2012 Server, either a real system or a virtual machine.

The course includes a VMware image file of a guest Linux system that is larger than 3 GB. Therefore, you need a file system with the ability to read and write files that are larger than 2 GB, such as NTFS on a Windows machine.

IMPORTANT NOTE: You will also be required to disable your anti-virus tools temporarily for some exercises, so make sure you have the anti-virus administrator permissions to do so. DO NOT plan on just killing your anti-virus service or processes, because most anti-virus tools still function, even when their associated services and processes have been terminated. For many enterprise-managed clients, disabling your anti-virus tool may require a different password than the Administrator account password. Please bring that administrator password for your anti-virus tool.

Enterprise VPN clients may interfere with the network configuration required to participate in the class. If your system has an enterprise VPN client installed, you may need to uninstall it for the exercises in class.

VMware

You will use VMware to run Windows and Linux operating systems simultaneously when performing exercises in class. You must have either the free VMware Player 6 or later or the commercial VMware Workstation 10 or later installed on your system prior to coming to class. You can download VMware Player for free here.

Alternatively, if you want a more flexible and configurable tool, you can download a free 30-day trial copy of VMware Workstation here. VMware will send you a time-limited license number for VMware Workstation if you register for the trial on their website. No license number is required for VMware Player.

We will give you a DVD full of attack tools to experiment with during the class and to take home for later analysis. We will also provide a Linux image with all of our tools pre-installed that runs within VMware Player or VMware Workstation.

Linux

You do not need to bring a Linux system if you plan to use our Linux image in VMware. However, you are required to bring VMware Workstation,VMware Player or VMware Fusion. The class does not support Virtual Box, VirtualPC, or other non-VMware virtualization products.

Mandatory Laptop Hardware Requirements

x86-compatible or x64-compatible 2.0 GHz CPU minimum or higher

DVD drive

4 GB RAM minimum with 8 GB or higher recommended

Ethernet adapter (a wired connection is required in class; if your laptop supports only wireless, please make sure to bring a USB Ethernet adapter with you)

10 GB available hard-drive space

Any Service Pack level is acceptable for Windows 8, Windows 7 or Windows Vista

During the workshop, you will be connecting to one of the most hostile networks on Earth! Your laptop might be attacked. Do not have any sensitive data stored on the system. SANS is not responsible for your system if someone in the class attacks it in the workshop.

By bringing the right equipment and preparing in advance, you can maximize what you will see and learn, as well as have a lot of fun.

If you have additional questions about the laptop specifications, please contact laptop_prep@sans.org.

SANS Security 560 attendees are expected to have a working knowledge of TCP/IP, cryptographic concepts (including one-way hashing, symmetric key cryptography and public key cryptography), and the Windows and Linux command lines before they step into class. Although SANS Security 504: Hacker Tools, Techniques, Exploits, and Incident Handling is not a prerequisite for SEC560, that course covers the groundwork that all SEC560 attendees are expected to know. While SEC560 is technically in-depth, it is important to note that programming knowledge is NOT required for the course. For more information on the differences between SEC560 and SEC504, see the SEC560 and SEC504 FAQS.

We get deep into the tools arsenal with numerous hands-on exercises that show subtle, less well-known and undocumented features that are useful for professional penetration testers and ethical hackers.

It discusses how the tools interrelate with each other in an overall testing process. Rather than just throwing up a bunch of tools and playing with them, we analyze how to leverage information from one tool to get the most bang out of the next tool.

We focus on the workflow of professional penetration testers and ethical hackers, proceeding step by step and discussing the most effective means for conducting projects.

The sessions address common pitfalls that arise in penetration tests and ethical hacking projects, providing real-world strategies and tactics for avoiding these problems to maximize the quality of test results.

We cover several time-saving tactics based on years of in-the-trenches experience of real penetration testers and ethical hacker - tasks that might take hours or days unless you know the little secrets we will cover that will let you surmount a problem in minutes.

The course stresses the mindset of successful penetration testers and ethical hackers, which involves balancing the often contravening forces of thinking outside the box, methodically trouble-shooting, carefully weighing risks, following a time-tested process, painstakingly documenting results and creating a high-quality final report that achieves management and technical buy-in.

We analyze how penetration testing and ethical hacking should fit into a comprehensive enterprise information security program.

Configure and launch the Nessus vulnerability scanner so that it discovers vulnerabilities through both authenticated and unauthenticated scans in a safe manner, and customize the output from such tools to represent the business risk to the organization

Analyze the output of scanning tools to manually verify findings and perform false positive reduction using Netcat and the Scapy packet crafting tools

Utilize the Windows and Linux command lines to plunder target systems for vital information that can further overall penetration test progress, establish pivots for deeper compromise and help determine business risks

Configure the Metasploit exploitation tool to scan, exploit and then pivot through a target environment in-depth

"SANS is really the only information security training available and is therefore valuable on its own. The wide subject areas, relating to penetration testing, are what makes SEC560 particularly valuable." - Nicholas Capalbo, Federal Reserve of New York

"I think if you genuinely want to learn how exploitation techniques work and how to properly think like a hacker, it would be silly not to attend." - Mark Hamilton, McAfee

"SEC560 is getting better and better. You understand more as the day goes on. Most of these tools I will able to use in my organization." - Rayen Rai, Godo

"SEC560 helped to take the stew of ideas and techniques in my head and organize them in a 'professionally' usable way." - Richard Tafoya, Redflex Traffic Systems

"I had a great time. SEC560 has tons of useful material and techniques. As with all SANS training, I leave knowing that I can apply this as soon as I am back at work." - Benjamin Bagby, XE.Com

"This type of training is fantastic, all new penetration testers and personnel who interact with testers or set up assessments should take SEC560." - Christopher Duffy, Knowledge Consulting Group

"This will help me determine how safe my work environment is. SEC560 is very fun, I do not feel burnt out at the end of the day." - David Neilson, Western Family Foods

"This is one of the most complete technical courses I have ever taken. The Capture The Flag event really helped pull it all together." - Thomas Hart, Hart Consulting

"This training will have a direct impact on my current and future duties. Also having this resource as an outlet to understand new concepts/tools and better understand tools/concepts I was familiar with." - Marcus Knox, DST

Author Statement

Successful penetration testers do not just throw a bunch of hacks against an organization and regurgitate the output of their tools. Instead, they need to understand how these tools work in-depth and conduct their test in a careful, professional manner. This course explains the inner workings of numerous tools and their use in effective network penetration testing and ethical hacking projects. When teaching the class, I particularly enjoy the numerous hands-on exercises culminating with a final pen testing extravaganza lab.

- Ed Skoudis, SANS Pen Test Curriculum Lead and Faculty Fellow

Additional Resources

Take your learning beyond the classroom. Explore our site network for additional resources related to this course's subject matter.

Downloads

Share

As a SysAdmin, I found this course invaluable. It not only gave me the skills I need to audit my own systems, but also gave me some insight on how to better work with external auditors.Christoper O'KeefeSANS Student